CS Jan-Feb 2024

More documents

Recommendations

Info

2024 predictions Aaron Kiemele, Jamf: smaller businesses in the supply chain or partner ecosystem will increasingly be attacked as vectors to the true targets. Simon Hodgkinson, Semperis: Businesses are finally starting to understand that cyber is an enterprise risk. features in Active Directory. It is good to see that there is a bigger focus placed on identity protection. Zscaler AI and machine learning (ML) will resurface the data privacy debate. We are starting to see customers asking about how best to protect their own data when working with third-party providers. There is a growing concern that, as cloud providers and other vendors have access to an organisation's data, they are more likely to become a target of bad actors to acquire a company's data using AI and ML solutions. Additionally, there is also a legislation discussion to be had, as GDPR currently puts AI models in jeopardy. As models are trained on datasets, organisations need a stable and consistent set of data, in order to be as accurate as possible. GDPR currently says that companies should only keep data for as long as it is necessary to process it, which could have serious implications for AI models moving forward. In 2024, we expect companies to revisit their data privacy statutes and strive to enforce more bespoke data loss prevention (DLP) tools to secure their datasets and ensure data privacy is at the top of the cybersecurity agenda. Organisations will need to learn to hide their attack surface at a data level. The influx of generative AI, such as ChatGPT, has forced businesses to realise that, if their data is available on the internet, then it can be used by generative AI and therefore competitors, no matter if it is an owned IP or not. So, if organisations want to avoid their IP getting utilised by AI tools, then they will need to ensure their attack surface is now hidden on a data level, rather than just at an application level. Based on this trend, we predict we will see initiatives to classify data into risk categories and implement security measurements accordingly to prevent leakage of IP. Amit Sinha, CEO, DigiCert AI may be a coup for defenders, but in 2024 attackers are going to use it to develop new tactics and launch ever-more sophisticated attacks. At the most basic level, they'll be able to use generative AIs like ChatGPT or malicious versions like FraudGPT to educate themselves on how to plan and perpetrate cyberattacks, with little pre-existing technical knowledge or coding experience. Even fledgling attackers will be able to use AI capabilities to scrape key information about potential victims, harvesting crucial data from around the internet to enable social engineering attacks and perpetrate identity fraud. Generative AIs will be increasingly used to create sophisticated malware that can avoid detection by using advanced techniques like Steganography. Indeed, examples of this have already emerged. These 'intelligent' malware strains will be harder to anticipate and many legacy detection systems will struggle to keep up against these new threats. Just as AI technologies will grant the ability to create websites quickly, it will allow attackers to create fake websites, watering holes and phishing websites like never before - because of AI's ability to write, build and render a page as fast as a search result can be delivered. Generative AIs are also capable of impersonating others by learning their writing style and tone of voice. This sets the stage for advanced phishing attacks that can better impersonate a victim's colleagues, friends or family than a real human can. This will give spear-phishing and highly targeted phishing attacks a much greater degree of authenticity, especially because they'll emanate from trusted accounts that the intended victim supposedly knows well. Better and more realistic Deepfakes will also emerge, which will fuel social engineering and 12 computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk
2024 predictions disinformation campaigns. The threat of AIempowered cyber-attacks are understood by many. A 2023 survey showed that 81% of respondents were concerned about the potential risks associated with the rise of generative AIs like ChatGPT, while only 7% were optimistic that AI tools could enhance internet safety. In 2024, those concerns may be vindicated. Brian Martin, director of product management, Integrity360 In 2024, we foresee the evolution of threat exposure management taking hold as a concept in the market. With many prevalent and upcoming technologies centred on CTEM [Continuous Threat Exposure Management] at present, it suggests that it's going to start becoming mainstream next year. CTEM will enable organisations to be more proactive about identifying and assessing key problem areas in the attack surface that has grown substantially in the last couple of years. However, this will extend beyond simply identifying and addressing vulnerabilities, enabling organisations to alter their posture, looking at users, security controls and other key pieces of the puzzle needed to change to ensure best practices are embraced. A more widespread embrace of CTEM is also likely to accelerate the convergence of key security tools. When we talk about threat exposure management, there's a few different pillars, products and capabilities, including: external attack surface management, cyber asset management, attack path management, digital risk protection, vulnerability assessment and management, and continuous testing. Currently, these are all separate products - that's likely to change in the year ahead. Consolidation is going to be a theme for 2024, as previously standalone products continue to become features of broader overarching solutions, such as CTEM programmes. Jamal Elmellas, chief operating officer at Focus-on-Security Skills shortages will begin to be felt, due to them being cumulative. There is an annual shortfall of 11,200 cybersecurity employees, according to UK Government research, and this is cumulative, which means year-on-year the shortage is intensifying. Moreover, an increase in demand for cyber roles of 30% and growth in employment of 10% over the course of 2022 indicates demand is also on the up. In 2024, the shortages of skilled cybersecurity employees will start to bite and businesses will no longer be able to keep doing what they have been doing and recruit from the same small pool of talent. Recruitment strategies will have to become more creative in a bid to identify raw talent, if security teams don't want to be left short staffed. Emergence of more low cost or free training schemes to boost intake. Industry bodies have already taken proactive action, with the likes of (ISC)2 offering a million free entry level certification courses and exams, while in the US a number of universities have launched free online courses. Advances in the provision of courses online mean this is now a viable low-cost alternative. So, next year we can expect to see more subsidised or free training, in a bid to attract more people into the sector or to upskill professionals to fill those roles that are in high demand. A brain drain as more senior execs leave the field, due to stress and burnout. Stress levels continue to be high, with incidents and alert levels on the rise, which means we are on track to realise Gartner's prediction of 50% of cybersecurity leaders changing jobs and 25% leaving by 2025. Thus far that exodus has been tempered by the cost-of-living crisis, but, as inflation stabilises and confidence returns, there will be an exodus at the top. Given the years of experience needed to fill these roles, this could seriously destabilise security teams and stall security projects. Guido Grillenmeier, Semperis: good to see that there is a bigger focus placed on identity protection. Amit Sinha, DigiCert: AI technologies will allow attackers to create fake websites, watering holes and phishing websites like never before. www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2024 computing security 13
Page 1: Computing Security Secure systems,
Page 4 and 5: Secure systems, secure data, secure
Page 6 and 7: news Bernard Montell. HORNETSECURIT
Page 8 and 9: news Sukru Ilker Birakoglu. SUPPORT
Page 10 and 11: 2024 predictions THROUGH THE ‘LUR
Page 14 and 15: training SAFEGUARDING HR IN THE AGE
Page 16 and 17: cybersecurity THE TOP-LEVEL FIBRE B
Page 18 and 19: artificial intelligence AI - WHERE
Page 20 and 21: artificial intelligence Gareth Lock
Page 22 and 23: phishing PHISHING FOR THE ANSWERS D
Page 24 and 25: ansomware WE SHALL NOT BE MOVED! SE
Page 26 and 27: ansomware Raja Patel - Sophos: cybe
Page 28 and 29: attack… attack POINT OF IMPACT IN
Page 30 and 31: attack… attack Amit Sinha, DigiCe
Page 32 and 33: cybercrime STAYING ABOVE THE WATER
Page 34 and 35: cybercrime crisis is behind us, the
Page 36: Computing Security Secure systems,

CS Jan-Feb 2024

Create successful ePaper yourself

Delete template?

Save as template?